Questions tagged with AWS WAF
Content language: English
Select up to 5 tags to filter
Sort by most recent
Browse through the questions and answers listed below or filter and sort to narrow down your results.
We have 2 identical prod environments in AWS and the end-user send the exact same payload in those environments. However, one works fine, the other is blocked by **AWS Managed WAF Ruleset-Size...
1
answers
0
votes
391
views
asked a month agolg...
There's an endpoint blocked by AWS WAF. Let's say /api/services. In the logs, it's evident that it's being blocked due to the "size body" in the AWS Managed RuleSet. I've edited SizeRestrictions_BODY...
1
answers
0
votes
358
views
asked a month agolg...
is there a way to customize the 403 error message that WAF puts out? Right now our clients are seeing:
<html> <head><title>403 Forbidden</title></head> <body> <center><h1>403 Forbidden</h1></center>...
1
answers
0
votes
244
views
asked a month agolg...
I'm using the WebACL, that is included my rule group, and other account's rule group.
I know that i cannot read or modify the other's rule group, but when I try to add a new rule group or market rule...
1
answers
0
votes
224
views
asked a month agolg...
I have rechecked I don't have any I haven't set up any AWS WAF. Even not able to see under WAF any resource.
I am getting lots of bills hourly based for Global-RuleV2 and AWS WAF Global-WebACLV2.
how...
1
answers
0
votes
408
views
asked 2 months agolg...
Hello,
In the EC2 instance, there is an image processing API, and I associate a WAF on ALB, then configured the following rule in the WAF:
```typescript
const awsManagedRulesCommonRuleSet:...
2
answers
0
votes
455
views
asked 2 months agolg...
One of our client is trying to reach our application but they are not able to reach with 403 error.
We have enabled WAF for this application with a custom rule looking for X-Forwarded-For header...
2
answers
0
votes
377
views
asked 2 months agolg...
ConfigureRateBasedRule: CloudFormation did not receive a response from your Custom Resource. If you are using the Python cfn-response module, you may need to update your Lambda function code so that...
1
answers
0
votes
220
views
asked 2 months agolg...
I am analysing my waf logs and i want to ignore any requests coming from Amazon's web crawling bots
Could someone help me with that
Well i tried to reverse and forward DNS look up to verify an ip...
2
answers
0
votes
290
views
asked 2 months agolg...
I have deployed microservice application on ECS in Mumbai region but my customers are from Sri Lanka how can I block the access to the application from other countries except Sri Lanka, when I set Sri...
2
answers
0
votes
199
views
asked 2 months agolg...
I have a website that is behind ALB with WAF integration. Our vulnerability scan showed the following:
Website Does Not Implement HSTS Best Practices
**Recommendation:**
Implement HTTP Strict...
2
answers
0
votes
698
views
asked 2 months agolg...
I have done a security vulnerability scan against my hosted site behind ALB with WAF integration. The scan reported the following:
Content Security Policy (CSP)...
1
answers
0
votes
670
views
asked 2 months agolg...